Cyber Attack Simulation for 450 Executives at the Finance Malta conference, in May 2018. Will your Board Directors also disagree on how to respond to a Breach?
Cyber Attack Simulation for 450 Executives
1. Cyber Attack Executive Simulation
450 Delegates to the annual Finance Malta conference joined this simulation on 17th May 2018
Kevin.Duffey@CyberRescue.co.uk
2. This version of the slides shows delegates' answers. Notice that, like untrained executives in a real crisis, people disagreed on what to do…
To follow Cyber Rescue: www.tinyurl.com/cyber999
3. Cyber Rescue helps CEOs reduce harm from cyber attacks
4. You’re now on the Board of Acme
5.
6. Who do you inform?
1. Nobody – this doesn’t look real
2. Police – perhaps they can help
3. CEO – the boss needs to know
4. DPO – tell Data Privacy Officer
5. IT Team – were we breached?
6. Procurement – 3rd party breach
7. Other – e.g. Security, Insurance…
7. Who do you inform?
Note: 30% of 450 untrained delegates would not tell their IT colleagues. Over 50% wouldn’t tell their DPO or CEO, & over 90% wouldn’t tell the police of blackmail.
8. A 2nd message “from Korea”
Proof
you don’t care
Info on
187 Customers
9. When to tell affected customers?
1. Immediately
2. In 24 hours
3. In 48 hours
4. In 72 hours
5. In 7 days
6. In 28 days
7. Don’t inform
10. When to tell affected customers?
Note: 65% of 450 untrained delegates say they would inform customers within 24 hours. Rushed notifications often contain errors that increase the risk of harm by fraudsters.
11. Update from IT Department
The Koreans are probably still in our systems.
One of our staff may have helped them.
We can stop them if we disconnect for 3 days.
12. What executive action to take?
1. Disconnect systems from internet
2. Forensics – what has happened?
3. Remediation – close the breach
4. Ask Insurer to confirm covered
5. Brief the Board and set Budget
6. Submit report to Regulators
7. Implement Cyber Crisis Plan
13. What executive action to take?
Note: 69% of 450 untrained delegates say they would implement their Cyber Crisis Plan. When did you last look at your Cyber Crisis Plan? Do you want one?
14. Where is your Cyber Crisis Plan?
(Cyber Rescue specializes in helping businesses to write & test their executive response plan)
15. But rumours are circulating…
Acme don’t care about my safety!
Now Russians will steal my money
Because we care
On Friday, Acme launch a great new service to show customers how we care
16. What communications needed?
1. Stop other comms, such as ad campaign
2. Create web site with Q&A about breach
3. Customer advice, e.g. how to prevent fraud
4. Provide script (e.g. for Twitter & Call Centre)
5. Pre-brief employees about situation
6. Identify advocates to speak for company
7. Customer Compensation to go with apology
17. What communications needed?
Note: 81% of 450 untrained delegates would not prepare advice to customers on how to avoid fraud, and 87% would not consider compensation. Customer loyalty???
18. Finally, some good(ish) news
“The Breach was at our marketing partner in France. Fortunately, our contract forces them to pay costs.”
19. Cyber Attack Executive Simulation
The End… This simulation “sample” lasted just 19 minutes.
Take Action Now: We recommend every Executive Team should invest at least 55 minutes each year to rehearse their response to the cascade of commercial consequences that follow a catastrophic breach.
Cyber Rescue are European leaders in providing these to Boards.
20. Cyber Attack Executive Simulation
Contact us for:
• An executive simulation for your senior team
• A bespoke response plan to help you lead through a breach
• A fully-automated score of your cyber security, vs. your peers
Kevin.Duffey@CyberRescue.co.uk